An exposed IOCTL with insufficient access control exists in cg6kwin2k.sys prior to 2.1.7.0. By sending a specific IOCTL request, a user without administrator privileges may perform I/O to an arbitrary hardware port or physical address, resulting in erasure or alteration of the firmware.
History
Thu, 07 Nov 2024 17:15:00 +0000
Type | Values Removed | Values Added |
---|---|---|
Weaknesses | CWE-522 | |
Metrics | cvssV3_1 |
MITRE
Status: PUBLISHED
Assigner: jpcert
Published: 2024-03-25T06:10:18.614Z
Updated: 2024-11-07T16:54:34.686Z
Reserved: 2024-03-19T01:48:02.072Z
Link: CVE-2024-29216
Vulnrichment
Updated: 2024-08-02T01:10:55.351Z
NVD
Status: Awaiting Analysis
Published: 2024-03-25T07:15:50.750
Modified: 2024-11-07T17:35:17.440
Link: CVE-2024-29216
Redhat
No data.